CryptPad: A Collaboration Suite That Doesn’t Ask for Trust
CryptPad is what happens when someone takes the idea of online collaboration and says: *what if we just didn’t see any of your data?* It’s a browser-based platform — no install, no app — but everything typed, uploaded, or shared is encrypted right there in the browser. Not after. Not optionally. It happens before anything touches the server.
It supports real-time editing, spreadsheets, whiteboards, Kanban boards, slides, and forms. But unlike most tools in this space, no administrator can access the content. No telemetry, no indexing, no one “scanning to improve the experience.”
Main Features
| What It Does | Why It’s Useful |
| --- | --- |
| Encrypts content in the browser | Keeps documents private — even server operators can’t read them |
| Supports live editing | Collaborators can work together, see each other’s updates instantly |
| Covers most productivity needs | Docs, spreadsheets, task boards, diagrams, polls, presentations |
| Doesn’t require accounts | Sharing is frictionless — just a link, no sign-up walls |
| Can be self-hosted | Keep everything on your own infrastructure if needed |
| Complies with GDPR and similar laws | Designed with strict privacy expectations in mind |
How to Install CryptPad (Step-by-Step)
This guide walks through setting up CryptPad on a Debian-based Linux server.
Requirements:
- Linux server (Debian 11 or 12 recommended)
- At least 2 CPU cores, 2 GB RAM, 20 GB storage
- Git, Node.js (version 18+), npm
- A domain name (for TLS setup)
- nginx (for proxying and HTTPS)
- Optional: Docker (for quicker setup)
Option 1: Install Using Docker (Quick Setup)
```bash
docker pull xwiki/cryptpad
docker run -d \
  -p 3000:3000 \
  -v cryptpad-data:/cryptpad/customize \
  --name cryptpad \
  xwiki/cryptpad
# Open http://<your-server-ip>:3000 in a browser
```
Option 2: Install from Source (More Control)
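```bash
# Install the prerequisites (the requirements above call for Node.js 18+)
sudo apt update && sudo apt install -y git nodejs npm
# Fetch the source, install dependencies and build
git clone https://github.com/cryptpad/cryptpad.git
cd cryptpad
npm install
npm run build
# Start the server
node server.js
```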
The first run generates a default config file. Edit `customize/config/config.js` to set the hostname, TLS, admin email, and so on.
nginx Example Configuration (HTTPS Proxy)
```nginx
# Redirect all plain HTTP traffic to HTTPS
server {
    listen 80;
    server_name pad.example.org;
    return 301 https://$host$request_uri;
}

# Terminate TLS and proxy to the CryptPad process
server {
    listen 443 ssl;
    server_name pad.example.org;
    ssl_certificate /etc/letsencrypt/live/pad.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pad.example.org/privkey.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket connections through
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
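A check for the proxy configuration above, as an added example (not CryptPad's or nginx's own tooling): it flags typographic quotes and dashes that survive a copy-paste from a web page, a port 80 block that does anything other than redirect to HTTPS, and a proxying block that lacks the WebSocket upgrade directives. The names `lint`, `server_blocks`, `PASTED` and `FIXED` are made up for this example, and the parser assumes each `server {` opens on its own line.

```python
import re
# Typographic characters that blog engines substitute for ASCII quotes and dashes.
TYPOGRAPHIC = {"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'", "\u2013": "--"}
# Directives a proxying block needs so WebSocket connections pass through nginx.
WEBSOCKET = {
    "proxy_http_version 1.1": r"proxy_http_version\s+1\.1\s*;",
    "proxy_set_header Upgrade $http_upgrade": r"proxy_set_header\s+Upgrade\s+\$http_upgrade\s*;",
    'proxy_set_header Connection "upgrade"': r'proxy_set_header\s+Connection\s+"?upgrade"?\s*;',
}

def server_blocks(text):
    """Yield (first_line_no, body) for each server { ... } block, comments stripped."""
    depth, start_depth, block = 0, 0, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if block is None and re.match(r"server\s*\{", line):
            block, start_depth = [no, ""], depth
        elif block is not None:
            block[1] += " " + line
        depth += line.count("{") - line.count("}")
        if block is not None and depth == start_depth:
            yield tuple(block)
            block = None

def lint(text):
    """Return sorted [(line_no, finding), ...]; an empty list means every check passed."""
    findings = [(no, f"typographic {ch!r}, use {TYPOGRAPHIC[ch]!r}")
                for no, raw in enumerate(text.splitlines(), 1) for ch in TYPOGRAPHIC if ch in raw]
    for no, body in server_blocks(text):
        if re.search(r"listen\s+(\S*:)?80\b", body):
            if "proxy_pass" in body or not re.search(r"return\s+30[18]\s+https://", body):
                findings.append((no, "port 80 block must only redirect to https://"))
        elif "proxy_pass" in body:
            findings += [(no, f"missing {name}") for name, rx in WEBSOCKET.items()
                         if not re.search(rx, body, re.I)]
    return sorted(findings)
# Constructed sample: the TLS block after a copy-paste that kept curly quotes.
PASTED = """server {
    listen 443 ssl;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection \u201cupgrade\u201d;
    }
}
"""
FIXED = PASTED.replace("\u201c", '"').replace("\u201d", '"')
print(lint(PASTED), lint(FIXED))
```

Run it against the file before `nginx -s reload`; `nginx -t` checks syntax only and accepts the curly-quoted header value.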
Daily Use and Management
- Invite team members by sharing links or setting up workspaces
- Content is encrypted automatically and saved as ciphertext
- System logs exist but never include readable document content
- Updates can be pulled via Git (if installed from source) and rebuilt easily
- Admins can monitor usage via standard Linux tools; no hidden metrics or dashboards
When It’s the Right Fit
- Legal teams, educators, researchers, privacy-focused communities
- Any group handling sensitive or regulated data
- Projects requiring anonymous collaboration or document sharing
- Organizations needing GDPR or internal compliance guarantees
CryptPad isn’t for everyone. It’s for teams that handle things that aren’t meant to be indexed or crawled. It doesn’t track. It doesn’t guess. It just works, quietly and securely.